from the talking-out-of-both-sides-of-your-mouth dept

While Windows 10 is generally well-liked by reviewers and users, it's relatively clear that it's not the OS to choose if you actually want to control how much babbling your OS does over the network. While a lot of complaints about Windows 10 have been proven to be hyperbole or just plain wrong (like it delivers your BitTorrent behavior to Hollywood or it makes use of menacing keyloggers), Windows 10 is annoyingly chatty, sending numerous reports back to Microsoft even when the operating system is configured to be as quiet and private as possible.

While Microsoft has been criticized for this behavior for some time now, the general response out of Redmond has been to tap dance over, under and around most of the key complaints.

Enter the Electronic Frontier Foundation, which last week effectively called on Microsoft to stop bullshitting everybody in terms of what gets collected and why. The EFF does a good job reiterating how Microsoft used malware-esque tactics to get users to upgrade, then once installed, Windows 10 collects user location data, text input, voice input, touch input, web browsing history, and general computing telemetry data, including which programs you run and for how long -- which would be arguably less of an issue if you had full control over how much of this data was collected and funneled back to the Redmond mothership.

Microsoft has made some modest changes to address ballooning concern about user privacy over the last year, but the EFF notes that the company continues to tap dance around how much data is collected, what the company is doing with it, and why users can't have full privacy control over an OS they purportedly own:

A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.

Microsoft has tried to argue that Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected. In short, Microsoft has tried to claim that giving users broader control puts the user at risk by hamstringing security updates. That's something the EFF is quick to call bullshit on, calling it a "false choice" that's "entirely of Microsoft's own creation." What Microsoft should do if it truly values its customers, the EFF argues, is dramatically ramp up company transparency and finally offer a meaningful, simple opt-out functionality:

Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.

In response to the EFF, Microsoft has continued to do what it has always done: pretending that nothing is wrong, customer control and privacy are the company's highest priorities, and these privacy concerns are overblown because, shucks, most people really like the OS:

Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows.

Granted that may say more about past interactions of Windows than of Windows 10. Even then, because people generally like the core OS experience Windows 10 offers doesn't magically dismantle concerns that Microsoft still, more than a year after launch, isn't actually listening to its customers when it comes to privacy and control.

Re:

More like Electronic Fear Foundation these days... but as others have said, proof that Karl ain't a top shelf Techdirt writer!

I was going to add that I think that this is a case like #hillaryhealth. No matter how much Microsoft says the data is made anonymous or pooled in a manner that doesn't allow for individual data to be matched to user, there will always be those screaming "spying!". It's pretty unavoidable.

EFF's entire spiel here seems to be based on (at best) second hand knowledge.

Re: Re:

"EFF's entire spiel here seems to be based on (at best) second hand knowledge."

Which is kinda the whole point, since the first hand knowledge is being jealously guarded. When you mess with people's privacy but won't be up front about exactly what you're doing, expect to be called on it.

Re: Re: Re:

Its a bit rich for Microsoft to encrypt all of the telemetry/spyware data and then complain that there is no direct evidence.

Just as an aside, I've just installed Linux Mint and installed Windows 7 in VirtualBox and it runs reasonably well. I don't think it would be useful for games but the software that I use runs fine (so far). Virtual Box can install Windows 95, 98, NT, 2000, XP, Visa, 7, 8, 10 and more. Really easy to install and has great features (like mounting iso's). I'm still playing around with it to see what it can do.

Re: Re: Re: Re:

Just as an aside, I've just installed Linux Mint and installed Windows 7 in VirtualBox and it runs reasonably well. I don't think it would be useful for games but the software that I use runs fine (so far). Virtual Box can install Windows 95, 98, NT, 2000, XP, Visa, 7, 8, 10 and more. Really easy to install and has great features (like mounting iso's). I'm still playing around with it to see what it can do.

Sure, you can install Windows 95/98 on it, but like every single other virtual machine program out there, there's virtually no support for them. Meaning that they're pretty much useless for the number one thing most people would want to run those versions of Windows for: Games.

Re: Re:

No matter how much Microsoft says the data is made anonymous or pooled in a manner that doesn't allow for individual data to be matched to user, the simple fact of the matter is that de-anonymizing data is a lot easier than you'd like to think.

Not for my district till they make it easier to opt out.

I run a K12 school network and we go out of our way to not update to win 10 due to those issues. It would be nice to have a stable OS and security updates, but I just cant hand over to MS the data they seem to want even with a Pro or Enterprise version. When they give me the ability to protect the data that comes from what our students do on the taxpayers systems, I will consider the update.

Re: Not for my district till they make it easier to opt out.

>Windows 10 is generally well-liked by reviewers and usersOther than the cancer, I'm perfectly healthy.

This implies that privacy and security are secondary concerns. Will we ever reach a point that a majority of people see these as just as important as other facets of evaluating the merit of a technology?

Re:

This implies that privacy and security are secondary concerns. Will we ever reach a point that a majority of people see these as just as important as other facets of evaluating the merit of a technology?

Re: Re:

> too late to go backThere have been some pretty dark times in human history and we've always managed to make a brighter day. The issues we face today pale in comparison to what our ancestors faced and are even less worthy of such a defeatist attitude.

Re: Re: Re:

Coming to Windows 7 in Oct

For everyone like myself who opted out of upgrading to keep control over updates and information it looks like that strategy is going to be useless. Starting in Oct MS will be combining all the updates together just like Windows 10 does. No more accepting just the security updates you want, it will be all or nothing.

As far as keeping MS in the dark with your info goes all you need to do is block MS via your router. As far as I know just about every router has that ability.

Re: Coming to Windows 7 in Oct

I'm a Linux user, but there are a few Windows 10 machines in my house (my wife has a couple, and I keep a couple for gaming). And yeah, blocking it at the router is the only way to be sure. I recently built a pfSense box; I'd been planning to do it for months anyway, but the stuff I read about Anniversary Edition (read: making it much more difficult to turn all the tracking "features" off) was an incentive to get moving on it.

"All you need to do is block it from your router" is probably good general advice for Techdirt's audience, but obviously that is not something you can expect a typical end user to do. An operating system should *not* require its users to set up blocking rules in a separate hardware firewall to get reasonable privacy settings. The tracking "features" should not only be easy to disable, they should be disabled by default.

Re: Coming to Windows 7 in Oct

So that particular discussion comes down to the tradeoff between simplifying testing while giving software developers consistency in their environments and forcing them into good habits vs giving large companies the ability to quick-fix things by removing one problematic change while maintaining a thin veneer of compliance.

I remember when in Office 2003, depending on what order patches were applied in, you'd end up with data being written to an exchange server being goofed up. I had a lot of people showing up to meetings at the wrong time or in the wrong room because of that at a large company. I would routinely uninstall and re-patch the system to the most recent version on a dozen machines then use mfcmapi to correct the exchange server data. Generated plenty of work, but it was make-work due to a fundamentally broken system. Some of the problem here really is the software developers, and frankly Microsoft's past sins.

It is absolutely not a legacy-friendly change or a change that is friendly to thick client software and when combined with the rest of Microsoft's actions, especially playing big brother in order to gather large volumes of data in order to train their azure-based neural nets so they can offer "cognitive services", it comes across as another strong-arm tactic.

And they should be hung for it. From the highest pole. Because the standard they are setting for the rest of the industry is atrocious.

Re: Coming to Windows 7 in Oct

I would probably suggest that you check this out..

www.autopatcher.net/forum/

The AutoPatcher software is freeware and independently developed. You can download all the latest security patches and updates directly from Microsoft through this software. At least this way You will be in control of the updates you install on your system.. :)

Re: Re: Coming to Windows 7 in Oct

http://www.wsusoffline.net/ might also be of interest: "Update Microsoft Windows and Office without an Internet connection" ( well, you need a connection to download but after that you can use it offline to update others; I put mine on a usb thumb drive).

Re: Re: Coming to Windows 7 in Oct

That looks like a good option but I will have to research it to make sure it is not malware. It's hard to know who you can trust any more. A lot of spyware and even ransomware are programs disguised as security programs.

Re: Re: Re: Coming to Windows 7 in Oct

REALLY simple answer to that question, OldGeezer... ANYTHING from MS is NOT to be trusted.. They've proven they're untrustworthy for many many years, and if you follow that option, you can't go wrong.. I'm an "oldgeezer" also (66 y/o) and did close to 20 years as a sysadmin supporting Windows (and Linux) and when I retired in 2010, I decided then and there I was done with MS products.. Could NOT be happier with my decision...

Are we still talking about all of that fake network traffic from some random guy on Reddit that has already been discredited? If you have an Android device, you've already been facing similar tactics from Google for years. The only difference is that nobody wants a useless Chromebook, so it feels new when you take the concept from the screen in your pocket to the one on your desk. It sucks that it has come to this, but your privacy is the cost of modern convenience. If you don't like it, downgrade to an older blackberry and start running Linux. Otherwise, shut up and move on.

Re:

That's not rain, and no amount of lies will convince me otherwise.

It sucks that it has come to this, but your privacy is the cost of modern convenience.

Yeah, no. They somehow managed to handle updates and all that fun stuff without requiring that absolutely absurd amounts of personal data be handed over on a regular basis before, the idea that they just can't manage updates without access to that personal data now is rubbish. They could easily decide to make the handing over of personal data clear and opt-in, they just prefer to lie and claim that they can't and that the reason they can't is because they just care so much about their customers.

Re: Juan

What a shrill..

No you do not have to pay with your privacy to use moderne tools. The makers of these tools just need to be forced to follow good privacy guidlines instead of just going for a bigger profit by selling out their users

Re:

Are we still talking about all of that fake network traffic from some random guy on Reddit that has already been discredited? - No, read the article?

If you have an Android device, you've already been facing similar tactics from Google for years. - Classic whataboutery.

It sucks that it has come to this, but your privacy is the cost of modern convenience. If you don't like it, downgrade to an older blackberry and start running Linux. Otherwise, shut up and move on.- If you don't like American police murdering people with almost no recourse, stop campaigning for change and just move to Finland. Otherwise, shut up and move on.

Re:

If I'm not mistaken, you're making the argument that Windows wouldn't work if MS disabled the tracking components?

Because if you'll recall, that's the exact legal argument that MS made to defend its integration of IE into Windows. Which -- if you'll also recall -- was a security nightmare.

If you claim your software cannot function without the integration of unnecessary components that compromise users' security, then you're lying, your software sucks, or both. (In MS's defense, they've graduated from "both" to just "lying", so that's progress. Windows 10 is actually a pretty decent OS if you block all the tracking data at your firewall. Which, by the way, does *not* prevent the OS from functioning.)

Re: Who else can get the data MS collects.

You are ignoring the fact that the US government believes it can legally demand any 3rd party turn over any and all data, secretly. This was a feature requested specifically and the feed is going straight to at least one government server farm that just happened to have been built recently in Utah....

To be expected

This is to be expected from any for profit software company...be it M$, Apple or even Google. They feel that they know what is best for the user and their profit margin. After all, why should they give the end user control over a system they only license and don't own?

Makes me glad I switched to Linux a long time ago. At least I have control over my own systems.

Re: Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected

"Microsoft has tried to argue that Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected."

From my experience this is factual. I followed some guides to turn off the telemetry people found and upgrades -minus Defender Definitions- pretty much stopped. After I swapped out my smaller SDD boot to a larger SSD and reinstalled and left the settings alone, I received updates I hadn't seen when I had turned off telemetry.

Look I get it, Microsoft from Vista forward has collected information to better understand the thousands of configurations of hardware.

Thing is, after all the NSA stories broke (factual or not), how Google had a tap directly feeding the NSA and Microsoft's servers and Microsoft's botched XBox One launch where they knew better than all of us combined about what we wanted the confidence level of what they collect and who sees it really make users and governments concerned, for rightful reasons.

If there's nothing to hide, than share the details of what is collected.

If there's no issue, then let users decide what is best for them by allowing us to turn off EVERY feature we didn't want like Cortana which even after turned off still shows in my task manager.

Bottom Line: It's just creepy to believe the OS is doing something we don't have control over, when we didn't ask for it in the first place.

Re: Re:

Re: Re:

The Active Desktop in 95/98 used the Trident rendering engine from IE. The OS code was heavily integrated/commingled with the IE code in Win98. You could remove most of the IE code and still have a functional system, but there were several .dll files that the OS relied on for operation.

Poison the well?

Just an idea. I'm not very proficient in programming, so maybe it's a stupid idea, but whatever:

Can't someone just write some sort of 'patch' or 'addon' for windows where all the private data that Windows wants to send to the Microsoft servers is spoofed, hidden, corrupted of otherwise changed in such a way that the entire thing becomes useless to MS? In fact, done well this could make a fake identity and just feed MS rubbish.

Re: Re: Poison the well?

They recently did that in Windows 7. At least they defeated removeWAT and this time reapplying it did not work. Microsoft will not sell you a 7 key any more. I put in an old key I found from a machine I no longer use and it worked. My virtual machine is now genuine.

Re:

Re:

It's the same kind of funny as their "the most secure windows of all time" bullshit they claim with every iteration, yet somehow seem unable to realize that this implies how bad security must have been in previous versions like XP.

Am I the only one ready for the tinfoil hat?

How do we know that Microsoft isn't under some secret government mandate to get full access to everyone's computers? The 13 privacy screens in 10 could just be a facade and no matter what you think you turned off your microphone and webcam are still on. The NSA doesn't need that new mega complex in Utah to store metadata. You could keep metadata on millions of users with only a few terabytes.

No tinfoil - just facts from research...

Trust me when I say there is A LOT more you can do to protect yourself not just from MS, but anyone, from building a digital profile about you online. What makes this uncomfortable, is the fact that there is no true transparency with ANY of the big corps (Google, MS, Apple, etc..) only an illusion.

...some tips?

Delete your FB account, you do not need FB, FB tells you that you need them, its complete BS, its all marketing - they are building digital profiles about you. Delete your G-mail and all your search history as they are building digital profiles on you as well. Do not search Google when you are logged into your Google account - MS account (Bing) - Yahoo account - hell anything tbh.

You should have a router capable of connecting to a VPN on boot up, PIA is probably the best anon VPN provider out there as they do not log. Your ISP can see EVERYWHERE you go, they have no right to peer into your online activities.

Create a VM with Linux/Win7 master VM if you are super paranoid (Ubuntu is pretty progressed at this point and Win7 is still ok-ish). When you are done? Delete the VM copy, keeping your master image for the next time you need to do some online activity.

Do not login to Windows 10 with your live account/apps.

Whitelist ONLY sites you want to browse then deny everything else in your routers EGRESS ACL (Internal -> Internet). A lot of sites spider to other sites without your knowledge, specifically they can spider to known malware ad hosting sites. .PW or .SU domain anyone? lol.

Privacy needs to be taken seriously. Big Data is Big Money and they are harvesting your data for free. They may claim to anon the data, but seriously, you really believe that?

Look at PRISM and what PRISM was. Tbh, it is probably still operational, just under another code name.

Corps will say they are not in collusion with Gov's, but they are. It's bullshit. I feel like they are taking advantage at low-information computer users (IE. those not skilled technically enough to understand how all this shit works)

Re: No tinfoil - just facts from research...

"Do not login to Windows 10 with your live account/apps."

I have not upgraded to 10 but I have read a lot about it. They make it appear during installation that you have no choice but to log on to your account except Microsoft online. You have to go through extra steps to use a local account. If you click everything "recommended" they will hijack your browser, search engine and other apps to their products. The button to keep your defaults is small and easy to miss. They make it difficult to change back your defaults. Any new programs from them will require 10 and they will probably pressure third party software companies to do the same. Updates from programs will make them incompatible with 7 and 8.1. Programs you have paid for that phone home will deactivate unless you upgrade. They tried to shove 10 down our throats and now about 20% are using it. Eventually 7 and 8.1 will be as useless as 98 and 10 will cost you a couple hundred. Hopefully by then there will be a trusted add on firewall or app that blocks everything except the minimum they need to update security and bugs.

Re: Re: No tinfoil - just facts from research...

A tip to make not using a Live account easier:

I do software testing for a living, and we've done plenty of Windows installs, and we stumbled onto the fact that if your computer is *not* plugged in to a network (for a laptop, you'd presumably have to be able to manually turn off wifi as well), it's a lot easier to get the Win10 initial setup to let you use a local account (I *think* it actually doesn't bug you about it during the setup other than saying you can make a Live account once you're connected to the internet, but it's been a while since I've done one).

Re:

Given that your first thought is "we need a new OS" when Linux has been around for *25 years*, you've pretty succinctly demonstrated the problem: it is very, very difficult for a non-MS operating system to break into the desktop market.

Windows is crap

Re: Windows is crap

Lots of people still run proprietary apps that just plain aren't available on Linux/BSD, from business software to games. I've been using Linux as my primary OS for over a decade but I can't get away from Windows entirely, much as I'd like to.

Most people like Windows 10? Where did they get this false information?

I cannot stand how Windows 10 looks ugly, forces updates and driver updates to hardware (often wrong for your hardware or flat out causes blue screens), DirectDraw is broken, Start menu is hideous and is not organized like it used to be where it made sense, installing certain pieces of software locks up while the same versions install just fine in older versions of Windows even though they are current (e.g. Java), the Action Center is obtrusive, Apps keep resetting to defaults, I can't set my extensions directly from my programs like I was always able to do including in Win8 - I have to do it manually and for HUNDREDS of file types and they will reset to the default apps or get disabled by the time I'm half way through associating them, the Start Menu breaks, I have to hold 'Shift' during a reboot just to get into BIOS or Safe Mode which is dumb and Windows will decide to do 100 updates while I have to hold the 'Shift' key for an hour, THE LIST DOES NOT STOP HERE!!!! WIN10 is HORRIFIC!!! MOST PEOPLE DO NOT LIKE WINDOWS 10!!! I work in a computer repair shop and cannot count how many computers I get in to repair due to Windows 10 related issues and the customer even begs me to put it to Windows 7 where I send them to pick up a legal copy for $150 and gladly load it onto their machine for them. Even if they don't bring in a system for a Win10 issue, if it comes up in conversation they will say how they 'have a Windows 10 computer they just bought and they don't like it'. So many other customers come to the store to purchase a Windows 7 computer because they bought a new computer and did not have a choice that it only comes with Windows 10. Windows 10 is garbage and so many people I know agree with this. The statistics that say so many users are on Windows 10 and are enjoying it... WHAT IN THE WORLD MAKES YOU THINK MOST OF THOSE WINDOWS 10 USERS ARE ENJOYING IT!!!??? WIN8? WIN10? THEY'RE TRASH!!! THEY ARE NO LONGER MICROSOFT PRODUCTS BY RECOGNITION ANYMORE!!! WIN10 IS COMPLETE FUBAR!!! What happened to the days of Windows XP when after SP2 everything just worked!?